ArubaOS 8.6.0.0 Help Center

Enabling Radsec on RADIUS Servers

The conventional RADIUS (Remote Authentication Dial-In User Service) protocol offers limited security. This level of limited security is not sufficient for authentication that takes place across unsecured networks such as the Internet. To address this, the RADIUS over TLS (Transport Layer Security), or Radsec, enhancement is introduced to ensure RADIUS authentication and accounting data is transmitted safely and reliably across insecure networks. The default destination port for RADIUS over TLS is TCP/2083. Separate ports are not used for authentication, accounting, and dynamic authorization changes.

In a TLS connection, both the managed device (TLS client) and the Radsec server (TLS server) need to authenticate each other using certificates. For the managed device to authenticate the Radsec server:

The CA certificate should be uploaded as a Trusted CA if the Radsec server uses a certificate signed by a CA.

Self-signed certificates should be uploaded as a PublicCert if the Radsec server uses a self-signed certificate.

If neither of these certificates is configured, the managed device does not try to establish any connection with the Radsec server, even if Radsec is enabled.

The managed device must also send a TLS client certificate to the Radsec server by uploading a certificate on Mobility Master as ServerCert and configuring Radsec to accept and use the certificate. If a certificate is not configured, Mobility Master uses the device certificate in its TPM (Trusted Platform Module). In this case, the Aruba device CA that signed the certificate should be configured as a Trusted CA on the Radsec server.

When Radsec support is enabled, the default RADIUS shared key is radsec and remains the same even if the user configures a different shared key.
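Added example (not from the Aruba documentation): how the shared key enters the RADIUS Response Authenticator defined in RFC 2865, using the fixed key radsec described above. Because that key is a well-known constant, the MD5 check detects a mismatched key or a corrupted packet but does not identify the sender; that is the job of the TLS certificates. The packet contents and the name site-specific-key are constructed sample data.

```python
import hashlib
import hmac
import struct

RADSEC_SHARED_KEY = b"radsec"  # fixed key used when Radsec is enabled (from the text above)
ACCESS_ACCEPT = 2              # RADIUS packet code, RFC 2865


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, attrs, request_auth, secret):
    """Assemble a response packet the way a RADIUS server would."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_response(packet, request_auth, secret):
    """Client-side check of a response against the request it answers."""
    if len(packet) < 20 or len(request_auth) != 16:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False  # truncated packet or inconsistent Length field
    packet = packet[:length]  # octets beyond Length are padding and are ignored
    expected = response_authenticator(code, ident, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])


# Constructed sample data, not captured traffic.
REQUEST_AUTH = bytes(range(16))               # Request Authenticator of the Access-Request
REPLY_MESSAGE = bytes([18, 9]) + b"welcome"   # attribute 18 (Reply-Message), length 2 + 7
SAMPLE_ACCEPT = build_response(ACCESS_ACCEPT, 42, REPLY_MESSAGE,
                               REQUEST_AUTH, RADSEC_SHARED_KEY)


def demo():
    """Verify the sample response under three conditions."""
    tampered = SAMPLE_ACCEPT[:-1] + b"!"
    return {
        # Both ends use the fixed Radsec key: the check passes.
        "radsec key": verify_response(SAMPLE_ACCEPT, REQUEST_AUTH, RADSEC_SHARED_KEY),
        # One end uses its own configured key instead: the check fails.
        "other configured key": verify_response(SAMPLE_ACCEPT, REQUEST_AUTH,
                                                b"site-specific-key"),
        # An attribute octet changed in transit: the check fails.
        "tampered attribute": verify_response(tampered, REQUEST_AUTH, RADSEC_SHARED_KEY),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:22s} -> {'valid' if ok else 'rejected'}")
```

The second case is the practical consequence of the fixed key: the Radsec server's entry for the managed device has to use radsec as well, whatever shared key is configured elsewhere.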

The following CLI commands configure Radsec on a RADIUS server:

(host) [mynode] (config) #aaa authentication-server radius

enable-radsec

radsec-client-cert-name

radsec-port

radsec-trusted-cacert-name

radsec-trusted-servercert-name

To upload certificates through the CLI, see Managing Certificates.

To configure a Radsec server as an RFC 3576 server for dynamic CoA (Change of Authorization), see RADIUS Server VSAs.

RADIUS Server VSAs

VSAs (Vendor-Specific Attributes) are a method for communicating vendor-specific information between Network Access Servers and RADIUS servers, allowing vendors to support their own extended attributes. You can use Aruba VSAs to derive the user role and VLAN for RADIUS-authenticated clients; however, the VSAs must be present on your RADIUS server. This requires that you update the RADIUS dictionary file with the vendor name (Aruba) and/or the vendor-specific code (14823), the vendor-assigned attribute number, and the attribute format (such as string or integer) for each VSA. For more information on VSA-derived user roles, see Workflow for Assigning a User Role.

Starting from ArubaOS 8.4.0.0, the RADIUS server VSAs support the Aruba-Captive Portal-VSA attribute.

For the current and complete list of all RADIUS VSAs available in the version of ArubaOS currently running on your Mobility Master, access the command-line interface and issue the command show aaa radius-attributes.

Bandwidth-VSAs

Starting from ArubaOS 8.2.0.0, the managed device can dynamically assign a per-user or per-group bandwidth rate on Layer 3 authenticated clients based on the direction from the RADIUS server. To direct the managed device to enforce the bandwidth rate for a specific client after successful Captive Portal authentication, three RADIUS Vendor-Specific Attributes named Bandwidth-VSAs are added in the RADIUS Access-Accept packet.

Table 1: Bandwidth-VSAs

VSA                         Type     Value  Description
---                         ----     -----  -----------
Nomadix-Group-Bw-Policy-ID  Integer  19     Set to zero for per-client, else the group-ID for per-group.
WISPr-Bandwidth-Max-Up      Integer  7      Upstream bandwidth rate in bits per second.
WISPr-Bandwidth-Max-Down    Integer  8      Downstream bandwidth rate in bits per second.
Vendor ID                   Integer  8      ID of the vendor.
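Added example (not Aruba code): a bounds-checked parser that pulls the three Bandwidth-VSAs out of the attribute section of an Access-Accept, using the RFC 2865 Vendor-Specific layout (attribute type 26, 4-byte vendor ID, then vendor type/length/value). The vendor IDs 3309 (Nomadix) and 14122 (WISPr) are the IANA enterprise numbers and are an assumption, since the page does not list them; the sample packet bytes are constructed.

```python
import struct

VENDOR_SPECIFIC = 26            # RADIUS attribute type for VSAs (RFC 2865)
NOMADIX, WISPR = 3309, 14122    # assumption: IANA enterprise numbers, not from the page

# (vendor ID, vendor type) -> name, with the type values from Table 1.
BANDWIDTH_VSAS = {
    (NOMADIX, 19): "Nomadix-Group-Bw-Policy-ID",
    (WISPR, 7): "WISPr-Bandwidth-Max-Up",
    (WISPR, 8): "WISPr-Bandwidth-Max-Down",
}


def iter_tlvs(data):
    """Yield (type, value) pairs from a run of type/length/value attributes.

    The length octet counts the type and length octets too, so it must be
    at least 2 and must not run past the end of the buffer.
    """
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError(f"bad length {alen} for attribute type {atype}")
        yield atype, data[pos + 2:pos + alen]
        pos += alen


def parse_bandwidth_vsas(attrs):
    """Return {name: integer value} for the Bandwidth-VSAs found in attrs."""
    found = {}
    for atype, value in iter_tlvs(attrs):
        if atype != VENDOR_SPECIFIC:
            continue
        if len(value) < 4:
            raise ValueError("Vendor-Specific attribute without a vendor ID")
        vendor = struct.unpack("!I", value[:4])[0]
        # Sub-attributes use the same type/length/value layout.
        for vtype, vvalue in iter_tlvs(value[4:]):
            name = BANDWIDTH_VSAS.get((vendor, vtype))
            if name is None:
                continue
            if len(vvalue) != 4:
                raise ValueError(f"{name} is not a 4-byte integer")
            found[name] = struct.unpack("!I", vvalue)[0]
    return found


def describe(found):
    """Summarise the contract: policy ID zero means per-client, else per-group."""
    policy = found.get("Nomadix-Group-Bw-Policy-ID")
    if policy is None:
        scope = "scope not specified"
    elif policy == 0:
        scope = "per-client"
    else:
        scope = f"per-group (group-ID {policy})"
    up = found.get("WISPr-Bandwidth-Max-Up")
    down = found.get("WISPr-Bandwidth-Max-Down")
    return f"{scope}: up={up} bit/s, down={down} bit/s"


def make_vsa(vendor, vtype, number):
    """Encode one integer VSA (used only to build the constructed sample)."""
    inner = bytes([vtype, 6]) + struct.pack("!I", number)
    return bytes([VENDOR_SPECIFIC, 6 + len(inner)]) + struct.pack("!I", vendor) + inner


# Constructed attribute section of an Access-Accept, not captured traffic.
SAMPLE_ATTRS = (
    bytes([18, 4]) + b"ok"                # Reply-Message, skipped by the parser
    + make_vsa(NOMADIX, 19, 0)            # per-client
    + make_vsa(WISPR, 7, 2_000_000)       # 2 Mbit/s upstream
    + make_vsa(WISPR, 8, 10_000_000)      # 10 Mbit/s downstream
)

if __name__ == "__main__":
    print(describe(parse_bandwidth_vsas(SAMPLE_ATTRS)))
```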

The server-redirected bandwidth control feature supports only D-tunnel and controller wired clients.

The following CLI command checks the Dynamic Bandwidth Contracts currently assigned:

(host) # show aaa bandwidth-contracts dynamic

Customizing the RADIUS Attributes

Starting from ArubaOS 8.1.0.0, users can configure a RADIUS modifier profile to customize the attributes that are included, excluded, and modified in the RADIUS request before it is sent to the authentication server. The RADIUS modifier profile can be configured and applied to either Access-Request or Accounting-Request, or both, on a RADIUS authentication or accounting server.

This profile can contain up to 64 RADIUS attributes with static values that are either added or updated in the request, and another 64 RADIUS attributes to be excluded from the requests.

Two new parameters have been added in the RADIUS modifier profile:

auth-modifier: When assigned, it references a RADIUS modifier profile that is applied to all Access-Requests sent to this RADIUS authentication server.

acct-modifier: When assigned, it references a RADIUS modifier profile that is applied to all Accounting-Requests sent to this RADIUS accounting server.

You can create a RADIUS modifier profile to customize the attributes that are included, excluded, and modified in the RADIUS request before it is sent to the authentication or accounting server.

The following procedure describes how to create a RADIUS modifier profile and customize the RADIUS attributes:

1. In the Mobility Master node hierarchy, navigate to the Configuration > System > Profiles tab.

2. Under All Profiles, expand Wireless LAN.

3. Click Radius Modifier.

4. Under Radius Modifier Profile: New Profile, click + to add a Radius modifier profile.

5. Enter the Profile name.

6. In the +Attr field, click +, select a name from the Name drop-down list box, set the Type to Static, and enter the Static_val. Click OK. The name should be available in the list of attributes shown by the show aaa radius-attributes command.

7. In the -Attr field, click +, select the name of the attribute you want to exclude from the -attr drop-down list box, and click OK.

8. Click Submit.

9. Click Pending Changes.

10. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI commands create a RADIUS modifier profile and customize the RADIUS attributes:

(host) [md] (config) #aaa authentication-server radius radius1

(host) [md] (RADIUS Server "radius1") #

acct-modifier

acctport

auth-modifier

authport

(host) [md] (config) #aaa radius modifier

clone

exclude

include

no

(host) [md] #show aaa radius modifier

Dynamic Data Support

Starting from ArubaOS 8.2.0.0, dynamic data is supported for the included attributes in the RADIUS attribute modifier. Users can configure the dynamic value for each included attribute in the RADIUS modifier to be one or two data items. The following data items can be picked to form the dynamic value for each included attribute:

AP-Name: Name of the AP to which the client is currently associated.

AP-MAC-Address: MAC address of the AP to which the client is currently associated.

AP-Group: Group name of the AP to which the client is currently associated.

ESSID: ESSID to which the client is currently associated.

Field1 and Field2 take the same values, but they can be used in different combinations with the delimiter. The included attribute is of type String and can contain up to 128 bytes.

The following procedure describes how to configure a RADIUS modifier profile with single-item dynamic data:

1. In the Mobility Master node hierarchy, navigate to the Configuration > System > Profiles tab.

2. Under All Profiles, expand Wireless LAN.

3. Click Radius Modifier.

4. In Radius Modifier Profile: New Profile, click + to add a new radius modifier profile.

5. Enter a Profile name.

6. Click + in the +Attr field, select a name from the Name drop-down list, and set the Type to dynamic.

7. Select the first dynamic field from the D_field1 drop-down list.

8. Select the second dynamic field from the D_field2 drop-down list.

9. Select the delimiter from the D_delimiter drop-down list.

10. Click OK.

11. Click Submit.

12. Click Pending Changes.

13. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI commands configure a RADIUS modifier profile with single-item dynamic data:

(host)(config) #aaa radius modifier dynamic-mod

(host) (Radius Modifier Profile "dynamic-mod") #?

clone Copy data from another Radius Modifier Profile

exclude Attribute to be excluded in RADIUS request

include Attribute/Value to be included in RADIUS request

no Delete Command

(host) (Radius Modifier Profile "dynamic-mod") #include ?

RADIUS Attribute Name

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id ?

dynamic First dynamic field

static Static Data

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic ?

ap-group1 Use AP group as first dynamic field

ap-macaddr1 Use AP mac address as first dynamic field

ap-name1 Use AP name as first dynamic field

essid1 Use essid as first dynamic field

user-vlan1 Use user's current VLAN-ID as first dynamic field

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic ap-name1

To configure a RADIUS modifier profile with two-item dynamic data:

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic ?

ap-group1 Use AP group as first dynamic field

ap-macaddr1 Use AP mac address as first dynamic field

ap-name1 Use AP name as first dynamic field

essid1 Use essid as first dynamic field

user-vlan1 Use user's current VLAN-ID as first dynamic field

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic essid1 ?

with Optional second dynamic field

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic essid1 with ?

ap-group2 Use AP group as second dynamic field

ap-macaddr2 Use AP mac address as second dynamic field

ap-name2 Use AP name as second dynamic field

essid2 Use essid as second dynamic field

user-vlan2 Use user's current VLAN-ID as first dynamic field

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic essid1 with ap-macaddr2 ?

delimiter Delimiter between fields

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic essid1 with ap-macaddr2 delimiter ?

at Use '@' as delimiter between fields

colon Use ':' as delimiter between fields

dash Use '-' as delimiter between fields

dollar Use '$' as delimiter between fields

hash Use '#' as delimiter between fields

none NULL

percent Use '%' as delimiter between fields

semicolon Use ';' as delimiter between fields

slash Use '/' as delimiter between fields

space Use ' ' as delimiter between fields

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic essid1 with ap-macaddr2 delimiter at ?

The following CLI command shows a RADIUS modifier profile with a mix of static and dynamic data:

(host) (config) #show aaa radius modifier dynamic-mod

Radius Modifier Profile
-----------------------
Action  Attribute Name     Data Type  Data Value
------  --------------     ---------  ----------
+Attr   Aruba-Location-Id  dynamic    essid1 with ap-macaddr2 delimiter at
+Attr   BW-Area-Code       static     "212"
+Attr   BW-City-Name       static     "San Jose"
+Attr   Aruba-AP-Group     dynamic    ap-group1
-Attr   Aruba-Device-Type

Dynamically Assign VLAN-ID to NAS-Port

The following CLI command configures a RADIUS modifier to assign the client's VLAN-ID to the NAS-Port RADIUS attribute:

(host) [mode] (config) # aaa radius modifier "Hilton-Eleven"

include "NAS-Port-ID" dynamic user-vlan1

!

The following CLI command assigns the RADIUS modifier to a RADIUS authentication server:

(host) [mode] (config) #aaa authentication-server radius "eleven-server"

.....

auth-modifier "Hilton-Eleven"

.....

!

RADIUS Server Authentication Codes

A configured RADIUS server returns the following standard response codes.

Table 2: RADIUS Authentication Response Codes

Code  Description
----  -----------
0     Authentication OK.
1     Authentication failed: user/password combination not correct.
2     Authentication request timed out: No response from server.
3     Internal authentication error.
4     Bad Response from RADIUS server: verify shared secret is correct.
5     No RADIUS authentication server is configured.
6     Challenge from server (This does not necessarily indicate an error condition).

RADIUS Server Fully Qualified Domain Names

If you define a RADIUS server using the FQDN (Fully Qualified Domain Name) of the server rather than its IP address, the managed device periodically generates a DNS request and caches the IP address returned in the DNS response. To view the IP address that currently correlates to each RADIUS server FQDN, access the command-line interface in config mode and issue the show aaa fqdn-server-names command.

DNS Query Intervals

If you define a RADIUS server using the FQDN of the server rather than its IP address, the managed device periodically generates a DNS request and caches the IP address returned in the DNS response. DNS requests are sent every 15 minutes by default.

You can use either the WebUI or the CLI to configure how often a DNS request is generated to cache the IP address for a RADIUS server identified via its FQDN.

The following procedure describes how to configure DNS query intervals:

1. In the Mobility Master node hierarchy, navigate to the Configuration > Authentication > Advanced page.

2. Expand the DNS Query Interval accordion and enter a new DNS query interval, from 1 to 1440 minutes, in the DNS Query Interval (min) field.

3. Click Submit.

4. Click Pending Changes.

5. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI command configures DNS query intervals:

(host) [mynode] (config) #aaa dns-query-interval
